Cloudflare says I have 10 Websites - I have None...WTF?

I randomly received a bunch of emails Friday at 500 congratulating me on activating a bunch of websites… random 20+ characters and .cf and .ml domains. Also received a confirmation email requesting that I confirm my account/login. Dashboard shows traffic to these web addresses… for example 30000 hits, 400+ unique visitors for one site since Friday… WTF. Trying to go to the address just gives a 1006 error and a message that the user has banned my IP address???

I have no idea what this is all about.

I was playing with Proxmox on Friday and used this particular email address, but not at 500am, so I am totally at a loss.

Any ideas?

ragnar01

On first pass, it sounds like phishing. But if you log in to dash.cloudflare.com and look at your account, do you see a bunch of sites?

If you do and they are not yours/do not look familiar/match what you got in the email, then I doubt it’s phishing, but is still fishy. I’d change your Cloudflare password, email password, and your API keys asap.

Not really phishing because the emails are from Cloudflare. I didn’t have an account until they sent me the confirming email. My dashboard shows 10 incomprehensible websites of the form

bomogocccdorrrgmifroafrseodopora.ml
mourfhuhgiacforbsiidcfhsgdripeua.ml
aufhpphrcfurudfedjfraihcpsmrjsro.cf

+7 more of the same pattern.

I pinged 2 of them and got IP addresses of 104.24.124.185, 104.27.140.121, which I think are Cloudflare #s? But if I go to the addresses I get an Error 1006 Access denied and that my IP has been banned. My dashboard shows these 10 websites and that they are getting more than nominal traffic - 30000 hits, 400+ unique visitors over the weekend for the one I checked. It seems really fishy and I am a bit concerned that there is some dodgy if not illegal activity/content involved. Cloudflare is ignoring/not understanding the situation so far. Pretty sure someone entered my email while registering these websites by mistake - not sure how they could get them unlinked from my account going forward and whether that would be a problem. Before I delete/cancel them, I just want to figure out what is there and have some assurances that nothing could be linked/blamed on me going forward.

ragnar

1 Like

Hi @ragnar01, I am cc’d on your Support ticket and see it has been routed to the appropriate team. At this point they’ll assist you and neither Support nor I can see that conversation.

If someone added these zones to your Cloudflare account that means they have gained access to your dashboard and that means you should please change your login password immediately.

And, rotate your API keys. Beyond that, yes you can remove them from your account while you’re waiting for the team to respond to you.

2 Likes

I wasn’t a Cloudflare customer before Saturday - I didn’t have a dashboard - I don’t have any of my websites in Cloudflare (that I know of). Pretty sure someone created an account, set up the websites but put in the wrong email address - I was sent the confirming email and somehow allowed to (re)set the password - my guess is someone is pissed off somewhere :laughing:

Hope to get some clarification soon.

ragnar01

1 Like

They’ll get over it. It seems they’ve successfully set the name servers to Cloudflare; all they’ll need to do to take over the domains is to add them to their own Cloudflare account and then contact the registrar to change the name servers to the two in their account. Sorry for the pain with this.

2 Likes

Was it a different email address than what you’re using to log into your own Cloudflare account? Or did you just log into the account that other person set up?

p.s. Some clown was using my mac.com email address to set up accounts at various gaming sites. Now they’re a sad clown. Shockingly, none of those sites sent a verification email before activating those accounts.

2 Likes

It is my semi-anonymous generic email address, never used for Cloudflare access that I remember - the weird part was that I was playing with Proxmox VE setup on Fri and it asks for an email address during installation… and I set up a server maybe 6 or more times :roll_eyes: so I was wondering if the Cloudflare stuff was somehow related to the multiple server node setups.

ragnar01

1 Like
